Cyber Hygiene: From Cyber Security to Home
There are many security best practices that a Cyber Security professional will implement at work to ensure proper Cyber Hygiene is kept on all systems and environments — but what about at home?
Cyber Hygiene You Say?
Cyber Hygiene is just as important to upkeep as your regular day personal hygiene to ward off natural weakening; it refers to the practices and steps that owners of computers and other devices take to maintain the system’s health and improve online security. Following these best practices and steps help improve the safety of credentials and confidential data that is at risk of corruption or theft.
Poor Cyber Hygiene Outcomes
Systems and devices that are not subjected to proper Cyber Hygiene could result in issues that can be both experienced in the work environment and home:
- Out of date software — Out of date software are more vulnerable to attacks and malware, and could result in security breaches that put your precious data at risk.
- Loss of data — devices that are not kept up to date, secure, or backed up are vulnerable to attacks, and can results in the loss of data by either theft or corruption.
- Misplace of data — not following proper cyber hygiene can result in misplacing data across various locations. Not knowing where your data is located can cause some unwanted headaches.
Safe Hygiene Tips from Work to Home
I’m sure you have seen those posters around work stating things like “Don’t share your passwords”, or “Don’t open suspicious emails”, or “Don’t let the person tailing you into the building” (tailgating). There are good reasons behind these posters as there is always a story for them, so why not follow them at home too?
Here are some quick Cyber Hygiene tips from a Cyber Security professional’s workplace that you can implement at home to help safeguard your loved ones:
- Do not open emails from your family members. Receiving unexpected emails from loved ones can be a great feeling, however you should always be weary of them, and pay attention to the subject line, sender email address, and attachments. For example: The ILOVEYOU worm, aka Love Bug, infected 10 million personal Windows computers in May, 2000. Recipients would receive an email with a .vbs script that overwrites random files on the system. It propagated itself by sending itself to all contacts within the address book used by Outlook with the subject titled: I Love You.
- Use a separate network segment for IoT devices. IoT devices don’t always get updated with new security policies or patches, and thus the older they are, the more vulnerable they become. Should an IoT device become compromised, having them separated can limit the attacker’s access to your main devices (laptop, or phone), where most of your data is stored.
- Change the default username and password for devices. Along with having the smart devices on a separate network, you should also change the default credentials. For example: If you implement a Linksys router on your network with the login credentials of admin/admin, it is strongly recommended to change those. You can do a simple search online on how to change the default credentials. Need more info? Check out this article: https://nakedsecurity.sophos.com/2018/03/22/the-password-to-your-iot-device-is-just-a-google-search-away/
- Do no open suspicious files or attachments. There are circumstances where suspicious files will still make it through to your email, such as the firewall allowing it, as well as your Antivirus still stating everything is A-OK. If that’s the case, then it is recommended to open the file utilizing services such as Any.Run. This service allows you to open a suspicious file within a virtual setting, and analyzing the events and actions occurring on the VM, letting you know how your system would be affected by the suspicious file. Windows Sandbox is also a really nice tool to learn how to use.
- Password protect your devices. Yup. All of them. An added bonus would be to use Full Disk Encryption.
- Ensure your Firewall is enabled, and your Anti-Virus is up to date. A firewall is used to block unwanted traffic into your network, and an anti-virus scans for known viruses and worms that might have been able to pass through your firewall. You need to keep these updated so that they can scan and stop the latest known viruses from harming your network and devices.
- Update your system regularly. Along with the above tip, updating your system is critical for patching up those security vulnerabilities. There are thousands of individuals/teams that try to exploit a system’s or software’s function in order to gain access (or worse); some do it for good, and others not so good. When a company like Google, Microsoft, or Samsung deploy a new update, it is recommended to download and apply the update in order to close any vulnerabilities that could be found on the system.
- Clear screen, Clear desk. This is an old one that is still relative especially today. With so many people working from home, it is incredibly important to follow this Cyber Hygiene. You should be treating your workspace at home as you do at your office — screen is locked when you walk away (even for a second), and your desk has no visible documents, or notes laying around for “that friend” to find.
- Educate others. If you read an article about new online safety tips, or a new way someone can get access to your data, share it with your family and friends. The more people follow proper Cyber Hygiene, the safer the internet can be for everyone.
Applying the Cyber Hygiene tips at home can be as simple as a few clicks; there are many more things from beginner to expert that you can do to keep everyone in your home safe. As a Cyber Security Specialist, I encourage everyone to share tips and tricks that you use to better your Cyber Hygiene at home.